
What Recent Cyberattacks Reveal About Gaps in Insurance IT Security

In recent months, cyberattacks have rocked several well-known insurance companies, exposing sensitive customer data, disrupting operations, and rattling an industry already under pressure to modernize. 

  • Aflac, the largest provider of supplemental insurance in the US, fell victim to an attack orchestrated by a sophisticated cybercrime group, potentially exposing customer Social Security numbers, insurance claims, and health information. 
  • Philadelphia Insurance Companies experienced system outages after facing a “major” ransomware attack, forcing employees to remain offline for days.  
  • Erie Insurance, with over 6 million policies, experienced network outages due to an “information security event,” triggering its incident response protocols. 
  • Digital insurer Lemonade experienced a data breach that exposed 190,000 individuals’ driver’s license numbers via its auto quote platform, with data compromised between April 2023 and September 2024, and not detected until March 2025.  

These incidents aren’t isolated. They’re symptomatic of deeper IT security gaps that many insurers, brokers, and MGAs still haven’t fully addressed. 

As a trusted technology partner to insurance organizations, Sikich is taking a closer look at what these breaches reveal, and how the industry must respond. 

The Wake-Up Call: High-Profile Breaches, Real-World Impact 

In just the past year, multiple insurers, regionally and globally, have experienced significant breaches. From ransomware shutting down policy processing systems to compromised agent portals leaking personal data, the consequences have been severe: 

  • Downtime lasting weeks due to ransomware or recovery delays 
  • Loss of trust from agents and customers following publicized leaks 
  • Regulatory scrutiny tied to NYDFS and NAIC cybersecurity compliance 
  • Disrupted claims processing, creating ripple effects across the value chain 

While each attack had its own entry point, most had one thing in common: the attackers didn’t break in—they logged in. 

The 5 Biggest Gaps We’re Seeing in Insurance IT Security 

Based on our work with insurance organizations and industry forensics, here are the most common weak spots that leave insurers exposed: 

1. Over-Reliance on Legacy Systems 

Many insurers still depend on outdated core systems that weren’t built for today’s threat landscape. Even when modern interfaces exist (e.g., quoting portals or CRMs), back-end infrastructure often lacks adequate segmentation and logging. 

2. Unsecured Third-Party Integrations 

From MGAs to reinsurers to technology vendors, insurers operate in a deeply interconnected ecosystem. Attackers frequently exploit these digital connections to move laterally across organizations. 

3. Lack of Real-Time Threat Monitoring 

Too often, security logs are collected but not actively monitored. Without a 24/7 Security Operations Center (SOC) or managed detection and response (MDR), critical anomalies go unnoticed until damage is done.

4. Inadequate Incident Response Planning 

Many insurers lack tested, up-to-date response playbooks. When breaches occur, internal confusion and slow decision-making compound the impact. 

5. Gaps in Identity and Access Management (IAM) 

Stolen credentials and privilege escalation remain top attack vectors. Weak IAM policies, inconsistent MFA enforcement, and lack of session controls make it easy for attackers to impersonate employees or agents. 

What You Can Do Now 

The good news is that these insurance IT security gaps are fixable. Sikich recommends insurers take these immediate steps: 

Conduct a Cyber Risk Assessment 

Start with a focused diagnostic of your cybersecurity risk and controls, tailored to insurance operations. Know your vulnerabilities before attackers do.

Implement Zero Trust Principles 

Assume breach and limit lateral movement. Modernize your IAM strategy and tighten access to sensitive data. 

Secure Your Modernization Efforts 

Digital transformation doesn’t guarantee security. Whether you’re deploying a quoting platform, policy portal, or AI-driven automation, build security in from day one. 

Create and Test Your Incident Response Plan 

An IR plan isn’t a binder on a shelf; it’s a muscle to be exercised. Run tabletop exercises with business and IT leaders. 

Consider Managed Security Services 

If your team doesn’t have in-house bandwidth, partner with a cybersecurity provider who understands insurance and can deliver 24/7 protection. 

Comprehensive Cybersecurity Solutions for the Insurance Industry 

Sikich brings a deep understanding of the unique cybersecurity challenges faced by the insurance industry. Leveraging years of experience, advanced technologies, and a proactive approach, Sikich Insurtech and Cybersecurity teams work together to deliver tailored solutions designed to prevent breaches, mitigate risks, and ensure compliance with industry regulations. Our team’s expertise helps clients stay ahead of evolving threats while maintaining operational integrity. 

Let’s talk about how we can help you protect what matters most: your data, your operations, and your customers’ trust.  

This publication contains general information only and Sikich is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or any other professional advice or services. This publication is not a substitute for such professional advice or services, nor should you use it as a basis for any decision, action or omission that may affect you or your business. Before making any decision, taking any action or omitting an action that may affect you or your business, you should consult a qualified professional advisor. In addition, this publication may contain certain content generated by an artificial intelligence (AI) language model. You acknowledge that Sikich shall not be responsible for any loss sustained by you or any person who relies on this publication.
